We claim: 



1. A system for establishing secured communications 
pathways across an open unsecured network using mobile 
code, comprising: 

an authentication server; 

at least one application server arranged to be 
connected to the authentication server by a secured 
pathway; and 

at least one plat form- independent mobile code 
authentication and encryption program, 

wherein said authentication server is arranged to 
supply said plat form- independent mobile code authentication 
and encryption program to a user's computing device upon 
authentication of the user, 

wherein said plat form- independent authentication and 
encryption program is arranged to authenticate itself to 
the authentication server to establish a secure 
communications pathway without requiring pre- installation 
of authentication and encryption client software on the 
user's computing device, and 

wherein said plat form- independent mobile code 
authentication and encryption program is arranged to the 
transmit data from the user's computing device to an 
application server by encrypting the data and transmitting 
the data to the authentication server for forwarding to the 



application server, and by decrypting data originating from 
the application server and transmitted via the 
authentication server . 

2. A system as claimed in claim 1, wherein said platform- 
independent mobile code authentication and encryption 
program is a j ava applet. 

3. A system as claimed in claim 1, wherein said user's 
computing device is selected from the group consisting 
of a thin-client computing device and a mobile 
computing device having an installed communications 
program, but no pre-installed authentication 
certificates or authentication and encryption 
software . 

4. A method of establishing secured communications 
pathways across an open unsecured network using mobile 
code, comprising the steps of: 

upon connection of a user's computing device to an 
authentication server over an open network, requesting 
authentication information from the user; 

upon authentication of the user by the authentication 
server, downloading mobile code including an authentication 
and encryption client from the authentication server to the 
user's computing device; 




causing the authentication and encryption client to 
authenticate itself to the authentication server; 

upon authentication of the authentication and 
encryption client, opening a secure communications channel 
between the user's computing device and the authentication 
server, said secure communications channel permitting 
transfer of data between the user's computing device and an 
application server . 



A method as claimed in claim 3, wherein the 
authentication information requested from the user is 
a password. 
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q 6. A method as claimed in claim 3, wherein the steps of 

authenticating the authentication and encryption 

Si client, and of opening a secure communications channel 

include the step of developing a session key for use 
in encrypting communications between the user's 
computing device and the authentication server. 
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